Malwarebytes’ Anti-Malware IP Blocking
General August 3rd, 2009Malwarebytes’ Anti-Malware version 1.40 introduces an IP blocking module for our paid customers.
The IP blocking module enhances the Malwarebytes’ Anti-Malware protection module by tremendously improving protection. When a user attempts to visit a website that is infected, the IP blocking module quickly kicks in to block the connection and alert the user. This IP blocking module is updated every time the database is updated to include the latest IP ranges that should be blocked. It also provides us with an advantage as it blocks malicious software that has not yet been released, which allows us to be proactive and not reactive.
Also, if a Trojan is executed on an infected system and it tries to download a payload, that payload will be BLOCKED by the IP blocking module. See below for a screenshot.
We hope all of our customers feel much safer now that this has been implemented!
If you have not yet downloaded Malwarebytes’ Anti-Malware, you may do so here. If you have not yet purchased Malwarebytes’ Anti-Malware, you may do so here.
August 3rd, 2009 at 7:55 pm
i get message infected blah blah blah
August 3rd, 2009 at 9:34 pm
Nice idea and great selling feature. I am a MB reseller and look forward to this new featue.
August 3rd, 2009 at 11:47 pm
Is this any more useful than a free OpenDNS account with their blocking turned on? Are we about to start seeing “black list tests” ?
August 4th, 2009 at 12:03 am
Are the blocked IPs logged somehow? My PC is clean – I know for a fact it’s clean – and I had a balloon with just like the screen shot above (different IP of course). I clicked on it for more info and got nothing, the balloon just closed. I wasn’t surfing, or anything, Firefox was open at the Google search page, and had been for a couple hours, just idling. It looks like this feature can be turned off, but I’d like some more info about it….
August 4th, 2009 at 12:05 am
The IPs are logged to a file in the Program Data folder. Here is where it would be on Windows Vista.
C:\ProgramData\Malwarebytes\Malwarebytes’ Anti-Malware\Logs\protection-log-2009-08-04.txt
For Windows XP, it would be located in the following location.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\Logs\protection-log-2009-08-04.txt
Let me know if you need any more help.
August 4th, 2009 at 8:24 am
Thanks! I rely on Malwarebytes to keep those Trojans out, and it works. I’m thankful that updates and new versions are easily downloaded and installed. Extra protection is always better.
August 4th, 2009 at 8:49 am
Thanks for your continuing improvement of Malwarebytes’ Anti-Malware.
Regards,
August 4th, 2009 at 9:58 am
hello marcin.can you please provide some answers?
1.Is this ip restriction service making mbam more demanding on resources?more ‘heavy’ when running?
2.is also ip protection module when enabled slowing down browsing speed and if so how much?in other terms does it has impact on internet speed?
August 4th, 2009 at 10:36 am
A cool feature but it would be nice if paid users would get a little advanced warning. The program updates automatically and all of a sudden there is this new feature and it catches you by surprise. You are not aware of a change so you think it’s a problem.
Also like dlb asked….what accounts for a balloon IP warning above the taskbar icon while the computer is inactive??
August 4th, 2009 at 11:33 am
1. It uses very little extra resources. Virtually none.
2. It does not slow down browsing speed at all.
August 4th, 2009 at 11:49 am
Is there a way to ignore an IP, I’m getting a positive with the ip: 66.147.240.153 wich is the server where I’m hosting, it is a HostMonster server, how can I avoid this blocking?
August 4th, 2009 at 11:50 am
Like the commenter above, it concerns me when I see the words “Infection detected” because it makes me think my computer is hosed. Before this was implemented, was this going on all the time, and I just didn’t know it?
August 4th, 2009 at 12:05 pm
Thomas, please post in our False Positives forum and we will get it sorted out in a jiffy!
Harry, we used “Infection Detected” because it was the only item that made sense in our translation files at the moment. We will be contacting all of our translators shortly to get the language files re-translated and improve this item. Obviously we can do this in English, but we wanted it to remain consistent throughout all languages.
August 4th, 2009 at 5:34 pm
Marcin Kleczynski Says: “we used “Infection Detected” because it was the only item that made sense in our translation files at the moment”
Just leaving it as “IP Protection: 111.222.333.444″ would perhaps have been better.
August 4th, 2009 at 9:21 pm
This is a cool feature. Looks promising. My question is, is there a way to know what application is trying to access the blocked IP address. I thought I had nothing running and its blocking IP’s. I know my system is clean though.
August 4th, 2009 at 10:16 pm
I do not believe the program can display which application is trying to access the IP because of the Microsoft API that we are limited to. On Vista, this is possible, anything lower than that is not.
I will double check with our development team and see if we can make it a feature in the next few versions!
August 5th, 2009 at 2:36 am
I am a big fan of your product !
It is the only promising antimalware available in the market at present !
You keep adding new features in your upcoming versions , but we are unaware of the fact that these features are available.
I downloaded the 1.40 version and was surprised to see the pop up from malwarebytes that “INFECTED IP DETECTED ”
Administrator IP-BLOCK 61.235.117.43
Administrator IP-BLOCK 219.144.177.125
Administrator IP-BLOCK 218.0.165.101
Administrator IP-BLOCK 218.14.176.146
Administrator IP-BLOCK 218.8.229.44
Administrator IP-BLOCK 219.159.166.54
Administrator IP-BLOCK 219.159.83.125
Administrator IP-BLOCK 218.5.218.219
Administrator IP-BLOCK 218.0.117.67
AND I DONT KNOW WHAT IP ARE THESE !
please help me out ,
My system is clean for sure , then why are these popping out ?
August 5th, 2009 at 4:37 am
With all the confusion and consternation this new IP feature is causing I would suggest we change the wording in the warnig balloon to read…………..I.P. Warning rather than the current Infection detected. That way there is a distinction between actually having an infection and being warned of a potential one.
Other than that an excellent addition to a product no one should be without!!
August 5th, 2009 at 1:31 pm
[...] latest IP’s along with infections out there to keep this new feature effective. Also, as a few commenters pointed out on the Malwarebytes blog, the tool tip should be reworded a bit. It [...]
August 5th, 2009 at 9:44 pm
Is there a way to turn off these alerts? I’m grateful for the extra protection but the constant bubble alerts annoy me…I can’t be the only one who thinks so?
August 5th, 2009 at 11:04 pm
This feature is optional and can be disabled by right clicking on the tray icon and unchecking IP Protection. As for disabling the bubbles from appearing and blocking everything silently — we should have that in a future version.
Best regards,
Marcin
August 6th, 2009 at 2:12 am
Hi Marcin
Shall we disable any third party firewall if we use ip protection? Is this module compatible with Firewalls?
Thanks
August 6th, 2009 at 9:19 pm
Marcin, if we disable IP protection, yes it does kill the balloon but it also stops the IP protection. Can we keep the protection but stop the annoying the balloon? Also, can there be a link in mbam that points to the log of blocked IPs?
I am very sure my computer is secure, but then these balloons started popping up. I scanned with mbam and avast, nothing found.
Reading other comments, I think we all want the same things, scanning is good, let us be able to turn off the balloon and access the log from within mbam.
August 7th, 2009 at 1:48 am
I found the constant IP balloon alert very annoying. Given that there is no infection there should be someway within the program to turn of the alert once you’ve noted the potentially bad IP address.
The way I stopped this annoying alert was to go to Start menu properties (right click start button and select Properties) and in Taskbar/Hide inactive icons/Customise selcted Malwarebytes icon and set it to Always hide.
No more annoying alert.
August 7th, 2009 at 6:43 am
“The way I stopped this annoying alert was to go to Start menu properties (right click start button and select Properties) and in Taskbar/Hide inactive icons/Customise selcted Malwarebytes icon and set it to Always hide.
No more annoying alert.”
Thank you for that George, you made my day.
I think however this should be an inbuilt function.
August 7th, 2009 at 7:33 am
Is this a bug with the IP Blocker ? I have a clean system, fresh installed, I scanned it with MalwareAntibytes, Spybot Search and Destroy and Eset Smart Secutiry. But I get these boring popups:
12:36:45 deep IP-BLOCK 208.73.210.27
12:36:55 deep IP-BLOCK 208.73.210.27
12:37:15 deep IP-BLOCK 208.73.210.27
12:37:15 deep IP-BLOCK 208.73.210.27
12:37:25 deep IP-BLOCK 208.73.210.27
12:37:45 deep IP-BLOCK 208.73.210.27
12:37:45 deep IP-BLOCK 64.191.102.118
12:37:45 deep IP-BLOCK 208.73.210.27
12:37:55 deep IP-BLOCK 208.73.210.27
12:38:15 deep IP-BLOCK 208.73.210.27
12:38:15 deep IP-BLOCK 208.73.210.27
12:38:25 deep IP-BLOCK 208.73.210.27
12:38:45 deep IP-BLOCK 208.73.210.27
12:38:45 deep IP-BLOCK 208.73.210.27
12:38:55 deep IP-BLOCK 208.73.210.27
12:40:15 deep IP-BLOCK 208.73.210.27
12:40:25 deep IP-BLOCK 208.73.210.27
12:40:25 deep IP-BLOCK 208.73.210.27
12:41:15 deep IP-BLOCK 208.73.210.27
12:41:26 deep IP-BLOCK 208.73.210.27
12:41:26 deep IP-BLOCK 208.73.210.27
12:42:26 deep IP-BLOCK 195.161.15.19
12:42:26 deep IP-BLOCK 195.161.15.19
12:42:36 deep IP-BLOCK 195.161.15.19
12:42:36 deep IP-BLOCK 195.161.15.19
12:42:36 deep IP-BLOCK 195.161.15.19
12:42:36 deep IP-BLOCK 195.161.15.19
12:42:46 deep IP-BLOCK 195.161.15.19
12:46:36 deep IP-BLOCK 208.73.210.27
12:46:36 deep IP-BLOCK 208.73.210.27
12:46:46 deep IP-BLOCK 82.146.41.155
12:46:46 deep IP-BLOCK 82.146.41.155
12:46:56 deep IP-BLOCK 82.146.44.112
12:46:56 deep IP-BLOCK 82.146.44.112
12:46:56 deep IP-BLOCK 208.73.210.27
12:47:06 deep IP-BLOCK 208.73.210.27
12:47:06 deep IP-BLOCK 208.73.210.27
12:47:36 deep IP-BLOCK 208.73.210.27
12:47:36 deep IP-BLOCK 208.73.210.27
12:47:46 deep IP-BLOCK 208.73.210.27
12:48:06 deep IP-BLOCK 208.73.210.27
12:48:06 deep IP-BLOCK 208.73.210.27
12:48:16 deep IP-BLOCK 208.73.210.27
12:48:16 deep IP-BLOCK 82.146.47.82
12:48:16 deep IP-BLOCK 82.146.47.82
12:48:36 deep IP-BLOCK 208.73.210.27
12:48:36 deep IP-BLOCK 208.73.210.27
……
15:20:42 deep IP-BLOCK 208.73.210.27
15:21:02 deep IP-BLOCK 208.73.210.27
15:21:02 deep IP-BLOCK 208.73.210.27
15:21:12 deep IP-BLOCK 208.73.210.27
15:21:32 deep IP-BLOCK 208.73.210.27
15:21:32 deep IP-BLOCK 208.73.210.27
15:21:42 deep IP-BLOCK 208.73.210.27
15:22:02 deep IP-BLOCK 208.73.210.27
15:22:02 deep IP-BLOCK 208.73.210.27
15:22:12 deep IP-BLOCK 208.73.210.27
15:22:32 deep IP-BLOCK 208.73.210.27
15:22:32 deep IP-BLOCK 208.73.210.27
15:22:42 deep IP-BLOCK 208.73.210.27
15:23:02 deep IP-BLOCK 208.73.210.27
15:23:02 deep IP-BLOCK 208.73.210.27
15:23:12 deep IP-BLOCK 208.73.210.27
15:23:32 deep IP-BLOCK 208.73.210.27
15:23:32 deep IP-BLOCK 208.73.210.27
15:23:42 deep IP-BLOCK 208.73.210.27
15:24:02 deep IP-BLOCK 208.73.210.27
15:24:12 deep IP-BLOCK 208.73.210.27
15:24:12 deep IP-BLOCK 208.73.210.27
15:25:42 deep IP-BLOCK 208.73.210.27
15:25:42 deep IP-BLOCK 208.73.210.27
15:25:52 deep IP-BLOCK 208.73.210.27
15:26:42 deep IP-BLOCK 208.73.210.27
15:26:42 deep IP-BLOCK 208.73.210.27
15:26:52 deep IP-BLOCK 208.73.210.27
15:28:42 deep IP-BLOCK 208.73.210.27
15:28:52 deep IP-BLOCK 208.73.210.27
15:28:52 deep IP-BLOCK 208.73.210.27
15:29:12 deep IP-BLOCK 208.73.210.27
15:29:22 deep IP-BLOCK 208.73.210.27
15:29:22 deep IP-BLOCK 208.73.210.27
15:29:42 deep IP-BLOCK 208.73.210.27
this log is no 90kb !
August 7th, 2009 at 7:52 am
on tracking IP….it has been found that the IP is located in CHINA 10,langfang.
August 7th, 2009 at 8:36 am
problem solved. it was my dyndns update client !
August 7th, 2009 at 2:37 pm
I agree with Sinclair; the pop up is annoying. The IP protection also displays false alerts; i.e., my router IP address, or at least one of them, is frequently “infected”. The alert language should be changed, too.
August 7th, 2009 at 2:44 pm
All, we are working on a bunch of changes for version 1.41 and should have it out within 2-3 weeks. Thank you for all of your suggestions, they are great!
Best regards,
Marcin
August 8th, 2009 at 4:29 am
Why would this only be provided to paying customers? This feature is not even nearly effective enough to even be considered useful. I would recommend that one use a good firewall instead if they want to stay secure from would be hackers or bots. This “feature” provides only one layer of protection where a reputable firewall would provide multi-layers of protection. Furthermore, your one layer of protection is most accessed with API, which means you don’t even have the ability to capture raw packets, so the “feature” is bogus most likely. Unless you are going to lie and say that you developed a packet driver.
August 8th, 2009 at 8:26 am
When the balloon pops up and says ip detected, does that mean that it detected it and blocked it? or is it just letting you know that that ip could potentially be dangerous?
August 8th, 2009 at 1:01 pm
@Not Fooled!!:
I don’t think you understand what’s being provided here.
It’s nothing like a firewall and is very useful.
This prevents you making connections to IP which are known to be sources of malware.
Since it takes a great deal of effort to create and update the list of IPs it is totally reasonable to only let paying customers have this feature.
August 8th, 2009 at 3:23 pm
Google already does this for free.
August 8th, 2009 at 5:04 pm
@Simon Caster:
How so?
I don’t see how google can stop my browser fetching part of a page from such an IP.
August 8th, 2009 at 6:25 pm
George and Postal………….You are going to way to much trouble to turn off the IP alerts.
Right click the MB Icon in the task bar and uncheck IP protection!!!!
August 8th, 2009 at 7:26 pm
When the balloon pops up and says ip detected, does that mean that it detected it and blocked it? or is it just letting you know that that ip could potentially be dangerous??
August 9th, 2009 at 3:41 am
If a page is known for being malicious and you found it on Google and try to navigate to the page, then it will stop you and alert you to the fact that the website is known for being malignant. I am sure that you can even download browser plug-ins that do this exact same thing for FREE. I still say this “feature” is not worth it.
August 9th, 2009 at 3:53 am
BTW. It doesn’t even make sense for a malware scanner to attempt to monitor network connections. Especially, out-going connections. I would be worried that my Internet activity is being logged. I assume your software interacts with a remote database, thus it calls out sending with it the URI the user just requested. This could be stored on that server without anyone knowing and could be used to track a user’s activity. How does anyone know you don’t sell that information, because you say so? Furthermore, the added delay could prove annoying, not to mention the pop-ups users bare when something is detected. What if this program was on a LAN and 10 people were using the LAN at the same time, your software would jam up the access logs with a bunch of rubbish! Basically, what you tried to do is not just potentially dangerous and/or a bottle-neck to a LAN, but it is also quite an odd thing to do.
August 9th, 2009 at 3:58 am
…an odd thing to do considering the type of software this is supposed to be.
August 9th, 2009 at 5:00 am
@Simon Caster:
Then by your definition there are probably a lot of odd anti-malware packages already out there. It’s not a new idea by any means. Spybot Search and Destroy and SpywareBlaster are two that come to mind.
Presumably the database of IPs is downloaded to your computer with the other regular updates. That’s the obvious thing to do and is how SBS&D and SB do it. It would slow things too much to do it over the net.
August 9th, 2009 at 5:03 am
@GregT:
But they are trying to find a way of leaving IP protection on and just getting rid of the pop ups.
August 9th, 2009 at 7:39 pm
I don’t think it would matter how many other scanners start doing this, the fact of the matter is the scanner has no place monitoring network connections.
It’s a MALWARE SCANNER. It is supposed to scan for malware, that’s it! It’s ridiculously obvious that any company who venture outside the scope of their product is trying to compensate.
Anyone who knows security will tell you that a scanner is a scanner, the only thing that separates them is speed, because they all use the same signatures and techniques to identify malware. Unless of course you pioneer a new way which it appears that this company likes to follow.
Like I already said, Google does this for FREE (has been for years), and there are FREE browser add-ons to do this as well, and those solutions make more sense to implement such a feature as described by the OP.
August 9th, 2009 at 8:27 pm
I have been using malwarebytes from the day it came out, its super protection with great detection rates and now with added bad ip blocker keep up the good work!.
August 10th, 2009 at 4:27 am
@Simon Caster:
Excuse me but if you knew anything at all about malware scanners you’d know they do not all use the same signatures. Different scanners differ both in what they can detect and it what will trigger false positives. Now go and troll somewhere else.
August 10th, 2009 at 10:04 am
@Brian Gregory. Please ignore nit picky trolls like simon caster and keep up the good work. IP protection is a great idea and I am glad its on MBAM now. Worth the money I paid. Cheers.
August 10th, 2009 at 11:23 pm
I do NOT feel safer because it is NOT working correctly! It won’t let me go to 2 sites (my daughter’s & my shop through GoDaddy redirect or my husband’s site) but we can go to them not using the redirect. This needs to be fix ASAP, NOT “change the wording”. The wording has nothing to do with the programming that isn’t working correctly!
August 11th, 2009 at 12:14 am
This feature is good at the moment, and could be much better with a little work. First and foremost, not all redirects are malicious. Like in Sandy M’s case. Also, several well known sites use redirects in case of mistyping or wrong suffix. Also, obviously the wording should be redone. There should be a choice as well, as to whether or not to proceed to the site. Maybe implement an option to Block All or Always Ask during setup. Wonderful idea. Maybe Malwarebytes is delving into a new, more full-featured territory. I would LOVE to see a full Malwarebytes Internet Security Suite.
August 11th, 2009 at 1:35 am
@Sandy M:
I suppose it may not be working correctly but not necessarily. There may be/have recently been something nasty hosted on the same server as the sites in question. Remember it blocks IPs not domains so in that sense it’s a bit broad since hosting companies will normally point many low traffic domains at the same server / IP.
August 11th, 2009 at 2:14 am
I do think this is a great feature to have but the messages are really annoying so I am looking forward to it working silently.
I got all my family using MBAM and since this new module was added every single one of them has been frantically messaging me because they think they are under attack or infected
August 11th, 2009 at 5:18 pm
Also wondering about this feature. It’s only started popping up in the last hour.
Since my system is clean (just re-ran MBAM), does this mean that something from that IP (208.73.210.27 in this case) is trying to infect?
August 11th, 2009 at 5:31 pm
From another forum thread:
http://hosts-file.net/?s=208.73.210.27&view=matches
I see how many nasty sites are on that IP but I’m making no attempts to visit them.
Could it be my P2P software? I’m running PeerBlock for added protection there, FWIW.
August 13th, 2009 at 11:29 am
Yes, I’m actually wondering how clean systems would end up making connections to malicious addresses.
Is it possible that non-malicious programs are making these connections?
P2P?
Chattering from Google and Google Chrome?
Windows Services?
Any advice would be appreciated.
August 13th, 2009 at 4:06 pm
How can you unblock some IPs that were Blocked by MB?
August 13th, 2009 at 11:15 pm
This “new” feature is COMPLETE overkill. It’s analogous to stopping every black person from entering your home because one black person was caught stealing. Malwarebyte’s has decided to become the super cop to decide which websites you can visit and which you can’t. They’ve decided to blacklist most indexing sites for torrents and ed2k links among many others. These sites are COMPLETELY safe but they do offer links to files which may be copyrighted, so Malwarebytes decided to just ban them all and call them infested with Malwarebytes. So fracking ridiculous.
I USED to trust Malwarebytes. Now I regard them as self interested control freaks more interested in banning sites dedicated to the spreading of software rather than the prevention of genuine malware.
I can NO longer trust Malwarebytes as a dis-interested, neutral security firm but rather a highly partial, censoring firm dedicated to controlling which websites one can visit–notably file sharing sites.
August 14th, 2009 at 1:39 pm
They are much worst than what you described. They use a form of Marketing termed Astroturfing, where they spoof up a bunch of forum posts or software reviews regarding their own product to make it appear like millions of people use and love their products, which simply is not the case.
MalwareBytes pays people to review them. CNET for example charges around 1200 USD for a review and get this, when they did review them, they said at the end that it wasn’t worth paying for the Pro version because the free version worked just as well (relative to its Pro version not relative to any other legit scanner), then a week later I guess these guys complained and MBAM they changed the verbiage, thus taking out that one line. I wonder how much more they had to pay for a fake review.
Never trust this company, they are liars and they suck at programming, I mean just look at their crapware they produce. It is slow and underdeveloped, all their crappy software is this way, because they suck as developers.
They suck at software, but would make a good PR firm though, maybe they should stop trying to make software and just go into the PR business where they appear to have a real niche.
August 14th, 2009 at 1:41 pm
Simon, do you have ANY idea whatsoever what you are talking about?
August 15th, 2009 at 8:39 am
Malwarebytes in the house!!!
I trust malwarebytes sooo much i removed my kaspersky internet security also deleted my 3yr key and just use mb ip blocker for protection now my pc is getting ate alive with trojans and malware but i dont care it shows brand loyalty and i can live with all the p0rn popups infact i rather like them just not when my mum is standing there :/.
August 15th, 2009 at 11:22 pm
Marcin–
I am very grateful to MBAM for providing such an incredibly effective anti-malware tool at such an incredibly reasonable price. Keep in mind during these attacks on MBAM that the world is comprised of people who are problem solvers, while others are problem creators. When confronted with a problem, problem solvers maintain a positive and balanced attitude, roll up their sleeves, then find an answer without all of the hand wringing and acrimony. Keep up the good work!!
August 16th, 2009 at 10:28 am
WOW!!!
August 17th, 2009 at 4:30 am
OK, so I have read the thread and I am unclear. I get the ballon ever so often. Does this mean my PC is trying to connect outward without my knowledge or consent, thus implaying I have some malware?
BTW – You guys saved my bacon earlier this year – had a nasty trojan and ONLY your software could deal with it, everything else failed.
Thanks
CJ
August 17th, 2009 at 5:36 am
If your getting the IP protection message more than once its giving off false positives they admit they havn’t fixed this bug yet and remind you to switch it off. Also when I did that I was effected by a spyware in utorrent that kept redirecting my browser which was hidden as overlay. in extensions, mozilla. So I wouldn’t use utorrent anymore while malwarebytes IP protection is off.
August 22nd, 2009 at 11:57 am
It is incredible that the wording of the pop up is so not considered. Also, the comments coming from Marcin on this point are unclear.
My question is simple – and relates to the formulation of the pop up message;
Does the pop up ballon mean:
a) Malware *tried* to infect your computer throught the ip number xxx.xxx.xxx.xxx, but was *succesfully* stopped by MAMB
b) Malware *tried* to infect your computer throught the ip number xxx.xxx.xxx.xxx, however, we dont know if it was succesfully stopped by MAMB
c) Your computer has been infected with malware from the following ip number xxx.xxx.xxx.xxx and we have done nothing to prevent it
Mind your, currently the message you are sending is “c”. Is this really what you mean?
You are inadvertely succesfully breaking down good will. Why so many security packages uses so very badly worded interfaces is quite mysterious, considering that their focus is to help ordinary people fight off something that is difficult for the primary segment to decipher.
Please let me know who I should percieve the message from your software, as it is freaking everyone out.
Best regards,
Frederik
August 22nd, 2009 at 3:21 pm
Frederik,
We are making it our priority to improve the language and functionality of the IP blocking module in the next few versions. Thank you for your suggestions!
Best regards,
Marcin
August 26th, 2009 at 6:45 pm
Hi guys!
i have a question…
is tis INFECTION DETECTED message related on inboundo or outgoing trafic?
and second…
as it only DETECTS AND BLOCKS the intrussion… IS IT POSSIBLE TO CONFIGURE THE BALLONS? i wont see them as i cant do anything to avoid the attacks :S
August 26th, 2009 at 7:39 pm
And I keep getting the pop up when I log onto my blog, which is NOT infected. It was corrected once. Now I’m getting it again. NOT HAPPY!
August 31st, 2009 at 2:26 am
This is a new feature. Does this mean the regular sites I used ,that are now blocked, were always infected? If I didn’t get infected during previous visits, why the problem now?
September 1st, 2009 at 2:29 am
The idea of the IP blocker is great, but I am finding it too sensitive and it is blocking access to safe sites. Although not all the time. But it does something block us from our GoogleMail and our own websites (and other sites hosted at One.com).
I’d like to permanently turn this feature off until it has improved, but you can’t.
What it should do is block the site with a pop-up that allows you to ignore it and continue, investigate it in another window and an option to always allow it (i.e. add to a white list).
September 6th, 2009 at 4:34 pm
The IP blocker blocked my online-banking. Thou I hear, bankers=gangsters, this goes a bit too far. I have disabled the baloon-messages on my system, so I even did not get any warning. I phoned my bank and argued with them, because of this problem.
Later, I testet my online-banking after disabling Antivirus and MBAM and after some tests, I found out the reason. I think, it’s very importent, that Malwarebytes does something to prevent their customers from a horrortrip like that.
By the way, it only happened with Firefox. With IE there where no problems ???!!!
September 8th, 2009 at 4:49 pm
gr8 program, just another voicing my concern over the ip blocker. how about when the baloon popsup you have a message
like this ip is reported to be a malware site,do you wish to
continue?? Some of my favourite forums completely safe have
been blocked and i was going nuts trying to figure out why
i couldn’t reach the web page.
hope this is fixed in the next update.
keep up the good work.
jenko
September 13th, 2009 at 1:18 am
…if anyone had ever installed the peerguardian application, would have been scared as to how often and intense seemingly irrelevant IP, try to get in connection with your pc.
still, in that softy too, there is no tell of what is the app causing the intrusion. Anyways, there seems to be a new market need and a wonderful idea to serve is, what the folks at Malwarebytes are trying to do. Patience, Think, the fact that you now know more, does it make you more or less valnurable?
good day to All
September 15th, 2009 at 1:50 pm
So How do I add a blocked Ip address to a whiter list?
September 15th, 2009 at 4:20 pm
I imagine this software is using some form of host management system to prevent IP’s accessing your pc, it would be nice to have an IP Protection managment tab with all the options, disble balloon tips (maybe make the icon flash instead and on mouseover show the balloon), a log of all IP’s blocked (history) and also an option to allow IP because sometimes there are FP in the list and waiting for an update from staff can be time consuming, perhaps even on right click of the log screen to be able to report site annoymously also for those that wish to report a FP.
For example http://board.jdownloader.org/?langid=1 gets blocked but I feel it is clean.
September 21st, 2009 at 8:33 pm
The ip blocking is indeed very good. However I did wish that there was a button to disable it sometimes..
September 21st, 2009 at 8:35 pm
So after the extensive updating. I realized you can disable ip protection. you just right click the M icon and there is an option to disable or enable. Very handy! Highly recommended!
September 22nd, 2009 at 3:42 am
Yes you can right-click and disable IP scanning BUT…only until the next reboot at which time it’s automatically re-enabled…
This IP scanning needs to be user-configurable so you can turn it off and it will STAY off until you turn it back on.
October 14th, 2009 at 9:41 am
Software seems good, found a few bad things that my virus application didn’t, shame on Avast failing me.
The I.P blocking is a good idea but come on guys you have got to stop just blocking & blacklist most indexing sites for torrents, cracks etc.
You getting a paid revenue from these top companies for blocking these sites.
Sort the I.P blocking out, give us users some control over what is blocked or access if we choose to, Sort your blocked I.P list out and only include malwaresites not everything you want to or get paid to block.
George
October 16th, 2009 at 12:26 pm
Well i have had some time to work with the ip protection feature and sorry to say a good idea gone totally wrong…~!!!!!! Blocking Google and all sorts of vaild sights.
Even more anoying, i turn it off by unchecking ip protection but next time it boots up,,, the little bugger is back and i can’t seem to find a plaece to permanently turn it off…
October 23rd, 2009 at 6:43 am
this extremely annoying baloon popup ‘feature’ is not much different form PeerGuardian2, which can be set to be extremely quiet, and edited!
October 25th, 2009 at 2:27 pm
You guys that are complaining over little problems so called problems. If you don’t like the software then remove it. I had a case of 2 very nasty trojans that malwarebytes were able to remove but Kav and the others did not. In fact when KAV forum folks help get rid of the trojans they tell you to download malwarebytes to help in the removal process. I think also we had better watch out for those crackers that maybe are trying to undermind malwarebytes programmers. This is a great product and it will make the crackers angry when their programs are cracked and dealt with.
October 25th, 2009 at 2:30 pm
by the way the ballon pop up is only telling you the protection you are recieving. Did you know that software you may have that you think is clean may contain adware or walmare in it without you knowing. Ex: Sears.com is on the blacklist for adware etc. So think about what you are saying and what Malwarebytes is doing and think which one will you trust. I am not associated with any company, just an old experienced computer user that’s been around since the first PC was affordable.
October 26th, 2009 at 1:11 pm
This issue is *not* rocket science. Malwarebytes should have alerted their customers about this ‘unfinished’ work-in-progress *before* foisting this upon us (no matter how well-intentioned). As a long-time paying customer of this product, I am generally very pleased with the many innovative inroads this company has provided in the detection and removal of some pretty nasty viruses, malware and ’scumware’. However, I take exception to the company integrating a product into their software while it is undergoing a major tweaking process. Simply put: in the future, please don’t use your customers as guinea pigs or experimental fodder. If you’re going to do something similar down the road; at least provide a reasonable option feature whereby your loyal customers can disable for as long as they choose without the hassle of trying to remember to turn it off with each boot, eh?
October 28th, 2009 at 7:04 pm
How to disable the annoying balloon tips. I dont need to see the balloon tips appear every second or so.
How do I disable it ?
October 29th, 2009 at 5:06 pm
We live in an age of hindsite visionaries. Folks who always have the answers after the complaint. Oh, if you offer critical view points your’re now a person who is closed minded, not sensitive to others feelings etc. All that liberal crap is why we’re in the mess the start with. Malwarebytes will keep your computer clean, but remove it and then you will complain, “Someone help to get rid of this trojan” Aren’t we back and forth with our synopsis and evaluations? Ex: Turn off the offending software popups by removing it the software and then wait for an update. That is a good fix.
October 31st, 2009 at 9:22 am
I have used this product when my machine was almost completely disabled. It did the trick. I am quite computer savvy, not limited to Uncle Bill’s world, and use a number of other security products (including personal FW).
MBAM works well and I like the intention of the IP blocking feature. It needs to be developed with more options as mentioned (whitelisting, choice to ignore and proceed etc.).
The reason I am reading this forum is that I noticed that the feature was off and could not be turned on. Has Malwarebytes removed it because of all the bellyaching?
As “bobuche” stated people are annoyed that they get a popup (which could be more informative, and with options, yes, but I am repeating myself) – but these are the same people who are whining when their machines are bogged down with malware. Guess at that point some of them just go and buy new computers.
Some of the other complainers may be either “complainers-because-they-have-no-other-way-of-dealing-with-other-things-in-their-lives” or “they-know-a-little-and-that-is-dangerous” or they are/have competing products. If they are in the last category, then let your product do the talking, rather than make uncivilized unproductive criticisms.
So, Marcin Kleczynski, has the feature been pulled? Is it temporary? To summarize the improvements suggested:
1. More configurable
2. Be able to disable popup if desired and work in silent mode.
3. Be able to get more detail and choice to allow/block with the popup.
4. To be able to configure a whitelist, and option to add to list with Item 3.
Thanks
November 1st, 2009 at 10:54 am
I have never heard such a bunch of whining about something that if you don’t like you can switch off, it was not foisted upon us who have purchased the software it is merely a FREE enhancement of a product. Marcin and the team have stated they are working on making the option user configurable maybe we should give them time to bring it to market and STOP whining…..”if you don’t embrace change you die” Also, for those of you using questionable bit torrents and “cracking” sites use a seperate PC in a DMZ for your illicit activities and don’t compromise your main system…….duh!!
I do have a question for Marcin though, elema asked on 8/26 “is this INFECTION DETECTED message related to inbound or outgoing trafic?” I cannot see in the thread where this was answered and would like to know more, if it is outbound how using XP and the limitations of the Windows API can we locate the source?
November 4th, 2009 at 7:21 pm
The problem is blocking of a range of IP addresses of which a few may be bad but the rest are fine yet still blocked. A recent example would be the official utorrent homepage. My gut tells me there’s no malicious software hosted on that page but MBAM is still blocking the IP. Aside from this particular issue and not being able to tell which application is trying to access the blocked IP, the feature is very useful and will be more-so when they resolve these issues. By the way, I’m guessing that running utorrent would probably result in constant warnings.
November 5th, 2009 at 3:26 pm
This new feature cis you know what it blocked a site that I had no problem with downloading from and now I cannot no matter what I try get the site back. It did this with no warning before hand.
November 21st, 2009 at 6:33 pm
I was curious.. If there is an option to hide the balloon that keeps showing 15 times in a min…
There’s no process running, it just keeps showing..
Anyone from the staff have a solution to this..?
November 24th, 2009 at 9:55 pm
On Nov 7th, two PCs in my client base were hit with a trojan from Breitbart.com, a site often linked to by Drudge Report. It took 4 hours per PC to clean them up. One PC was running a paid version of AVG 8.5 and one a paid version of SuperAntiSpyware. Only Malwarebytes protected PCs against a trojan that I found referenced on the web back to September. Way to go Malwarebytes.
November 30th, 2009 at 4:27 am
This module is blocking several IPs skype uses for Moldova members, something that created great problems until I realised what was going on, I am not located there but 2 of the employees I supervise are, why oh why does it not have an ignore/exceptions list, I have no choice but to turn it off completely when I should be able to just add a few IP addresses to an ignore list, up until now I had been most pleased with this program.
December 6th, 2009 at 11:59 pm
what if the ip is on a shared server? if one site on that server is malicious, then every single other site on that server will be punished?? i’ve already been banned from a few sites that I know are not malicious. i am really having a hard time understanding the logic behind this…
December 6th, 2009 at 11:59 pm
(not banned, blocked by MB
December 8th, 2009 at 5:11 pm
@ bobuche
“You guys that are complaining over little problems so called problems. If you don’t like the software then remove it”
You mean little problems like my clients cant google a site or browse the net?… little problems like the dozens of calls I get because of this assinine add-on?
I will be happy to remove it. Maybe you could help me with my “little problem” of giving back my clients the money they spent on software I recommended.
December 15th, 2009 at 12:25 pm
I like the fact that it blocks the “malicious IP’s”, however, it is annoying to see it constantly blocking the same group OVER AND OVER… after it blocks an IP address, it should learn that that IP is bad and keep it in its log to constantly block, just not alert EVERYTIME it does so… or at least put an option in to do this for those that dont want a constant reminder that it is blocking the SAME IP again, only alert if a new # comes up that it has not detected yet, kind of like a learning mode in a firewall program, you dont want it to tell you over and over that such and such program is accessing the internet! you can click the box, always use this preference,etc… thanks!
December 16th, 2009 at 3:00 am
this is simply bullshit. yes a big BULLSHIT !.
it took me almost full day to understand what is actually wrong with my system ?? and finally i found out it was mbam ip blocking feature shit, that blocked all my network traffic (almost all)
after installing mbam, speed of torrents went to zero. the reason ? mbam ip blocker blocked all my torrent trackers ips and even seeding ips.
not only torrents, i noticed a delay in browsing speed too. the delay was noticeable, that i had to call my isp and had a long discussion with the support guy.
and the most hilarious, we have a linux box in our LAN. it simply keep our files as online storage in zip or rar. we access it via sftp or http and get our files. that box doesn’t even have internet access means it is not exposed to the world but mbam blocked its ip too. lmao.
now just after uninstalling mbam, rebooting, and browsing all those wonderful sites again, i am writing this reply.
if you have mbam installed and you feel something strange with your pc, if you can’t access a normal website (which you used to), just uninstall mbam and all would be fine again.
i can provide a list of sites that i couldn’t access while mbam installed, but i don’t know posting links is allowed here or not.
the most trustworthy “FREE” antivirus is avira free version. just get it from download dot com and forget all these money making softwares like mbam.
December 19th, 2009 at 10:39 am
Funny you say that as the IP blocking feature only comes with the paid product. Pirating your anti-virus seems like a pretty stupid move, no wonder that happened to you.
December 27th, 2009 at 8:56 pm
I personally applaud the MBAM team for a great product. MBAM is able to detect, block, and remove alot of malware that other more expensive products don’t even detect. Keep up the good work.
December 29th, 2009 at 6:55 am
My Requirements:
1) Display Ingoing or Outgoing connection to IP Address
2) Display Process with suspect connection – most important requirement
3) Provide User Defined Whitelist Of IP Addresses
4) Allow Silent Operation – Mode 1: Only display first occurrence
Mode 2: Display no occurrences
5) Make Enable/Disable Permanent
December 31st, 2009 at 9:46 pm
I was working on a friends VISTA computer when I noticed that LAN file transfers were extremely slow 20mb when they shuld have been around 190mb.
Finally, after hours and hours narrowed the problem to the MBAM IP Protection module
disabled LAN files transfers were 180/190mb LOW DPC rate
enabled LAN files transfers were 20/28mb + HIGH DPC rate
Have left IP Protection disabled at this point, does not seem to have the same effect on the XP machine, only VISTA
Is there a fix for this issue
January 5th, 2010 at 4:47 am
Hmmm. Don’t know what to think about this issue here with the ip blocking… I do know MBAM to be trusted and recommended highly — even BY some certain tech forums of certain competitors, so I don’t think in my gut that the charge of “astroturfing” holds altogether that well (although quite a few generic replies sound very clipped and similar in spelling/grammar — but then maybe i am paranoid by now, couldn’t have anything to do with like 20 infection alerts in the past 10 mins).
hehe. anyway i don’t think it’s QUITE as serious as some make it out, and i think it’s definitely more serious than a few others seem to think. i believe MBAM is probably working on this problem and will get it fixed. how fast, i’m not sure. I do know for a fact that torrent clients will cause a flare-up as my little brother informed me that his ip-block balloons (which were happening when comp inactive) stopped completely when he closed the torrent program(s) and rebooted clean.
anyway if you have a p2p client, simply disable ip-block or uninstall mbam until they get it fixed.
on the other hand, though i am a loyal customer, i will say that while it’s a relatively easy fix for most of us, it should be in the short term and hope that MB gets it taken care of quickly..
always a grey area, thanks
January 13th, 2010 at 9:56 am
OK, maybe I am smarter then average user or maybe I just use a bit of common sense before logging on a forum and start blasting something I don’t understand but this new feature seems pretty straight forward to me. It says Ip Blocked it means it blocked that IP from communicating with your machine. How is that confusing?
It seems to work both ways Inbound and Outbound.
Case in point: I had a major problem with a Customer’s step daughter and myspace and the one of the free (myspace)backgrounds a outside company offered which in turn infected one of my many pc’s with the antivirus 2009 (now 2010) fakeware program that neither Nortons or AVG stoppedor even SAW.
Once I killed the bug and removed EVERY SINGLE SHRED OF DATA IT ADDED the damn thing came BACK on its ownright before I left. After some detective work on tracking HOW and WHY it came back with NO activity on the browser, I told the owner (and friend)to buy the MBAM software. I installed the MBAM program, bought the license and fired it up. It immediately identified the IP of the server trying to resend the same damn Malware and stopped it cold. I did a test on SL1 (A laptop i use to test software\networks for virus/malware/etc.. sacrificial lamb 1 is its name)and went to the ONLY site she (customers step kid) swore she went to and no other. Well no sooner then the page loaded that the damn Malware program was on the pc. I killed it (love rollback software with registry backups and change tracking at the file level) and ran same situation with the PC MBAM was on. Punt blocked and software deflected. Customer happy and saved them alot of time and money and me some hair.
Now I will say that I did notice that it blocks some of the bigger torrent sites (read: illegal software torrents riddled with Trojans and virus files) and crack sites (also riddled).
I think blocking those is justifiable as they also like to send out the occasional malware program and if you want to risk your security then turn it off but don’t cry when your system does a crash and burn that makes the Hindenburg look like a fender bender.
No one forces you to use the software, and btw using it as the ONLY defense is stupid. Its not a all-in-one product, it does anti-malware and does it great but you still need a firewall and AV program.
Take what I say however you want or not at all. I have over 25 years of IT experience under my belt with a majority of it in network security,data protection, WAN setup,etc.I can honestly say I recommend this to every single client I have that uses the internet and have yet had ONE single complaint with the exception of why it was not out years ago hehe.
I am not a “fan boy” nor do I work for malware bytes. If it screwed up or did not deliver on a promise I would be just a fervent about it being fixed or a clarification BUT before bashing this software and company and/or jumping on the “they suck” bandwagon driven by the head malcontent(Simon caster)I would take a moment to make my OWN opinion.. the sheeple should try it.
January 14th, 2010 at 8:56 am
Although I am no computer expert, I have had this program on for a month or so now, and am quite satisfied with it.
What I cannot understand is why many of you are having trouble with the IP Blocker. Mine is on, and I still can access Torrents and download from there. But I would think it can be from WHAT people try to download. I don’t think my connection gets slower, not even on Torrents.
What I would like to see in future updates is an option to have an automatic update on startup added to the time options. I am one of those who just switch on the computer when I need it, and no fixed time. It would help tremendously, as it will ensure that anytime you go online, you are safe. People sometimes tend to forget to update manually.
January 18th, 2010 at 9:27 am
The solution it’s very simple: “Malwarebytes has blocked a malicious IP address xxxxxxxxxxx. What do you want to do: 1. permanentely block this IP address 2. unblock the IP address “.
This is a great program but it’s very, VERY STRANGE, as Overkill says, “Malwarebyte’s has decided to become the super cop to decide which websites you can visit and which you can’t”.
Let people decide if an IP address it’s dangerous or not. Simple as that!
January 18th, 2010 at 10:23 am
By the way, I´m not sure what MBAM is legal, forcing you to block some “malicious sites”. What MBAM should do it’s WARN you that a site is potentially dangerous and if so let people know the name of the site so you can decide wether or not the site is dangerous. The issue is block ALL the sites or NONE! Try the balanced solution: block ONLY the sites the user wants to block.
January 19th, 2010 at 9:11 pm
If you can tell that a website is going to download crap onto you pc without telling you then your really good, since the fact is that 99% of the IP’s it blocks are from sites that do just that… download junk ware onto your system without your knowledge or permission. Oh and btw.. your statement of QUOTE:By the way, I´m not sure what MBAM is legal, forcing you to block some “malicious sites”:Quote Makes no sense and is…how do i say this gently.. RETARDED.
January 20th, 2010 at 1:08 am
Pooter Geek said it perfectly:
#23 “Marcin, if we disable IP protection, yes it does kill the balloon but it also stops the IP protection. Can we keep the protection but stop the annoying the balloon? Also, can there be a link in mbam that points to the log of blocked IPs?
I am very sure my computer is secure, but then these balloons started popping up. I scanned with mbam and avast, nothing found.
Reading other comments, I think we all want the same things, scanning is good, let us be able to turn off the balloon and access the log from within mbam.”
This was mid 2009 nothing has changed but, I’m still loving the blocking and protection. just annoyed
January 21st, 2010 at 8:21 pm
I’ve been using a site (Filespump) for quite a long time without problems, but these guys have decided that this site is maliciuos. I’ve just read a review made for another important antivirus company (Mac…something) in which you can read that nothing strange or malicious was found it. Well since i’ve been using MBAM is impossible to access to this site, so i must turn off the internet protection to enter to the site. Only, once again, ONLY MBAM has described this site as a “malicious IP”, why don’t you tell us, instead of “malicious IP” , something like : “This site is considered…. Do you really want to enter on this site?”. With this kind of messages people get confused thinking there is a virus or something like that- Why do you refuse to implement this option…? once again, very “suspicious”. Hey Tim, take it easy boy. This is not a school wall…
January 22nd, 2010 at 8:28 am
About blocking an IP address a GoogleGuy Says:
“We can do it, but we prefer not to. Virtual hosting means that innocent sites and spam sites can be on the same Class C block–or even on the same IP address. Besides, it’s not so hard for a NastyJerk to move to a different hosting company. So in general we avoid this.”
Well, last night i tried to visit my favorite site xxxtube.com and guess what… it was blocked by SuperCensoring MBAM! maybe because it’s a porn site?
January 22nd, 2010 at 11:36 am
This is paranoic! Read carefully: most of the sites for downloading files has been censored by MBAM including Rapidlibrary,fiberdownload, filespump…!Well it’s true that in these sites you can download the cracked version of MBAM…Strange isn’it? Do you want to know how useful is this blocking option? Everytime the ballon is displayed take the mentioned “malicious address” and go to whatismyipaddress.com/ and check for the address in the black list and you know what…99.99999% of the addresses never appears on it nor in the Ad-Police list. Well i decided to turn off this useless option of Internet Protection: it’s nothing but a marketing and censoring strategy! i’m gonna try Kaspersky Internet protection instead.
January 22nd, 2010 at 11:19 pm
Malwarebytes is OUTSTANDING… I’ve started to call it the “single application” to fix all problems.. ok, not quite. But this little gem comes the closet! It’s just amazing how well it does, all on it’s own.. It’s a buyer! I usually only need this.. and maybe a Winternals ERD disk to nail about anything.. And ESET NOD32 to handle the virus side of day to day life.. I am a huge fan of this dynamo.. A RECOMMEND! Good job, gentalmen! RLR
January 27th, 2010 at 3:38 pm
While Malwarebytes IP Protection is a great feature, do we really need to see that bubble every time it goes into effect? It is distracting and annoying.
January 27th, 2010 at 3:44 pm
Perhaps Malwarebytes could provide clients with the OPTION of turning off the visual protection display — a.k.a. the bubble.
When this thing gets going haywire, it blocks me from clicking on other programs at the bottom/right of my screen that I need to access — the bubble gets in the way of my mouse pointer. Working around that bubble is a pain in the butt; click on the X to close and it comes right back.
January 28th, 2010 at 10:35 am
i am unable to enable IP Protection on one computer running 2003 server. it is enabled on other 2003 servers. i tried un-install, cleared out registry entries, profile folders, program files folders, etc, etc. but each time i install and register, i cannot enable ip protection – ERRORS IP protection failed: PfBindInterfaceToIPAddress failed with error code 87 and IP protection failed: PfMakeLog failed with error code 85
January 31st, 2010 at 10:16 pm
I have always liked Malwarebytes for cleaning machines. My regiment is Combofix in safe mode, reboot. Ccleaner, Malwarebytes full scan, then Clamwin full scan. I have yet to run into a machine that did not clean up if done in that order. I’m using the free version right now but probably will purchase the pro version. I’m not sure if I like an IP blocker on my malware scanner tho. At least it can be turned off. It would be nice if the IP list could be adjusted by the user. IE make exceptions.
February 3rd, 2010 at 4:14 pm
I for one have stopped using the program because of this, I know when a site I have been visiting is bad or not without this program that I paid good money for forces me to ignore it (the site I mean) there is no option to tell the program to ignore a particular ip it just bans the lot. Well done for ruining a perfectly good program.
February 4th, 2010 at 5:12 am
Not to sure for XP/Vista but with Win7 you can stop the “IP notifications pop up” by hiding them, but like most it would be nice to be able to turn off this feature.
February 13th, 2010 at 7:34 pm
Is there a way to turn off these alerts? I’m grateful for the extra protection but the constant bubble alerts annoy me…I can’t be the only one who thinks so?
February 15th, 2010 at 12:24 am
I’d also like an option to turn off the IP Protection notifications, I run torrents so I get these notifications every few minutes. I’d like to check a log if I want to what is being blocked, I don’t need a bubble popping up every minute informing me. My current option now is to use Window 7’s Notification Area Icons in the Control Panel and change it to Hide icon and notifications, however I would like the icon to still remain so I know that’s it running in the background. It’s just the notifications I want hidden.
February 17th, 2010 at 3:14 pm
I am trying to fix a friend’s pc, which was infected with Olmarik trojan. After performing some troubleshooting and cleaning, I am not sure if the infection is cleaned, but ESET security suite doesn’t find it anymore (was finding it everytime I restarted the pc before, I think it would find it when I started Mozila, or could have been a coincidence). Ever since the infection appeared, Malwarebytes IP protection has been blocking most if not all of the sites we would try to go to. Right now after running numerous programs, including combofix, ccleaner and tdssKiller from Kasperski to remove rootkits, it seems that the Olmarik trojan is gone, however, malwarebytes keeps acting the same
If I turn off the ip protection, most sites become accessable, but some (Ex: Eset.com are always inaccessable, even if I turn Malwarebytes completely off). If someone knows what to do out there, please help.
February 17th, 2010 at 5:45 pm
Malwarebytes ip protection blocks almost everything after pc was infected with olmarik trojan. Also, Eset.com and malwarebytes.org do not open in either Mozilla or IE. Please help. Thank you.
February 18th, 2010 at 2:20 am
Please turn off the bubble notification. The sound and the appearance of the bubble every minute is so annoying.
February 22nd, 2010 at 10:03 pm
give us an option of shutting off the ip warning bubble. but keep it running. i love the service. but i use my tay to start my programs and it gets in the way.
February 22nd, 2010 at 11:55 pm
The area where I am confused is that the balloon tells me that mban blocked aceess to a malicious address, which causes me to think that a program on my computer is trying to access this site. Is there any way to tell WHICH program on my puter is trying to do this?
I seen in reading down the lines of comments that eventually, the mabam staffers are simply ignoring comments from the “peanut-gallery”, and wisely so.
My comment to those whom are never satisified?
“WANT SOME CHEESE WITH THAT WHINE?”
If ya don’t want the balloon?…..uncheck the ip protection, or use it and get used to a lil slower (but MUCH safer) surfing expierience
February 23rd, 2010 at 2:35 am
this is the most annoying feature in any software i have ever used. the fact that you can’t disable it is the reason i am uninstalling your software!
<3 VK